Editor's note: As part of the “Financial Times Cybersecurity Summit USA,” U.S. Chamber Senior Vice President for National Security and Emergency Preparedness Ann Beauchesne will participate in a panel Wednesday looking at the role of senior management in developing an effective corporate cybersecurity strategy. This op-ed first appeared in The Detroit News.
A few years ago cyberattacks were on the margins of news stories. But after a series of high-profile attacks against major financial institutions, retailers and health care providers, people realize that cyberattacks aren’t going away.
The need to address increasingly sophisticated threats against U.S. businesses has rapidly gone from an IT issue to a top priority for the C-suite and the boardroom.
Cybercrime is among the most urgent threats to U.S. national and economic security, and these threats are increasing in scale, sophistication and frequency. Bad actors from criminals to nation-states use cyberattacks because they are cheap, easy and lucrative.
Here in the state of Michigan, hackers attempt millions of attacks every day. According to a McAfee report, the global impact of cybercrime tops $375 billion annually, and the estimated cost to U.S. businesses is 200,000 jobs lost annually. It’s not surprising that a Gallup poll found that people are more concerned about cyber theft and hacking than any other kind of crime.
U.S. businesses are responsible for protecting their cyber networks. This includes not only their intellectual property and trade secrets but also the personal information of their employees and customers. There isn’t a silver bullet to create a more secure and resilient network. However, there are numerous tools available to industry to reduce vulnerabilities and mitigate cyber risk.
One tool that offers an important first line of defense is timely, actionable cyber threat data. This is something the government and private sector agree on, and following a bipartisan push in the House of Representatives and the Senate last year, President Obama signed the Cybersecurity Information Sharing Act into law. This landmark legislation gives businesses the legal protection they need to feel safe when voluntarily sharing or receiving threat data with industry peers and the government.
Yet we’ve still got work to do. In a recent IBM survey of CEOs, 55 percent of respondents said that information sharing is necessary in fighting cybercrime, but only 32 percent said they are willing to share their organizations’ cyber-threat data.
One example of positive, proactive data sharing can be found by looking at an industry pivotal to Detroit. Members of the Alliance of Automobile Manufacturers and the Association of Global Automakers established an auto-specific information sharing and analysis center with Homeland Security to facilitate sharing existing or potential threats to motor vehicle cybersecurity among members of the industry. In addition, members of the two associations have recently released a Framework for Automotive Cybersecurity Best Practices. Building on the auto framework, the industry plans to begin developing automotive cybersecurity best practices and continue collaborating with external stakeholders and cybersecurity experts as appropriate.
Since its founding, the Internet has fundamentally changed how we connect with others, the nature of our work, and how we discover and share news and new ideas. Industry and government are building a strong foundation to preserve our competitive advantage in the global economy and protect the privacy of American people.
But, one thing is certain — protecting America’s critical cyber infrastructure is a team sport.